Lucene search
+L

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/10/07 6:16 p.m.38 views

Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)

Summary Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attack...

7.8CVSS0.9AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/26 3:33 p.m.40 views

Security Bulletin: IBM Cloud Private is vulnerable to Node.js vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251)

Summary IBM Cloud Private is vulnerable to Node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...

7.8CVSS0.8AI score0.08794EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2021/01/07 12:0 a.m.131 views

Important: libuv

Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...

7.5CVSS6.4AI score0.08794EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/07 12:0 a.m.61 views

Amazon Linux 2 : libuv (ALAS-2021-1581)

The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory. Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting...

7.5CVSS6.8AI score0.08794EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/04 2:37 p.m.33 views

Security Bulletin: Vulnerability in Node.js affects IBM Netcool Agile Service Manager

Summary A vulnerability in Node.js used by IBM Netcool Agile Service Manager has been identified. Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By...

7.8CVSS1.4AI score0.08794EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/18 3:33 p.m.46 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...

8.8CVSS0.8AI score0.08794EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 3:16 p.m.44 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252 Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An...

7.8CVSS0.8AI score0.08794EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/14 12:0 a.m.42 views

Fedora 33 : 1:nodejs (2020-43d5a372fc)

Update to 14.15.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

8.8CVSS6.9AI score0.08794EPSS
Exploits1References8
CVE
CVE
added 2020/09/18 8:11 p.m.136 views

CVE-2020-8251

Node.js vulnerability CVE-2020-8251 affects Node.js 14.x before 14.11.0 and, per related advisories, Node.js 12.x before 12.18.4. Root cause: a bug in processing carriage-return symbols in HTTP header names leading to HTTP desync and resource exhaustion. Impact: HTTP DoS allowing an attacker to e...

7.5CVSS7.1AI score0.08794EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/17 12:0 a.m.37 views

FreeBSD : Node.js -- September 2020 Security Releases (4ca5894c-f7f1-11ea-8ff8-0022489ad614)

Node.js reports : Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS7.2AI score0.08794EPSS
Exploits0References5
ALT Linux
ALT Linux
added 2020/09/16 12:0 a.m.54 views

Security fix for the ALT Linux 9 package node version 14.11.0-alt1

Sept. 16, 2020 Vitaly Lipatov 14.11.0-alt1 - new version 14.11.0 with rpmrb script - CVE-2020-8251: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests Critical - CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion High...

5.8CVSS7.7AI score0.08794EPSS
Exploits0
FreeBSD
FreeBSD
added 2020/09/08 12:0 a.m.52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8CVSS1.5AI score0.08794EPSS
Exploits0References1
Rows per page
Query Builder